Problem Definition:

At the moment, JIRA is allowing the creation of users without a password and it will generate a random password for the user:

If you do not enter a password, one will be generated automatically.

There is an option to send an email to the Created User Email Address where the user will be asked to set up their password.

But, this seems to lead multiple problems where it is not required to create a password when creating a user such as:

1. When it is Randomly generated, we won't know what the password is if the option to send mail notification is not set.
2. With the option to send notification is not selected by default, it is possible that the Admin forgot to select it leads to a random password generated for the user.
3. As the created user without password is not asked to set up the password when logging in, they can only reset the password through the email or ask the admin after a lot of retries with the error "Wrong Username and Password" showing rather than "Please Reset Your Password to log in"
4. The admin will require resetting their password when the user is complaining that they unable to log in without knowing that the password was randomly generated before.

Suggested Solution:

For the problem above, suggested solution that I could provide for the user that the password was randomly generated:

• When the admin is not providing a password when creating a user, the "Notification" feature will be automatically triggered.
• Allow those users to set up the password when they try to log in for the first time if their email notification is not selected.
• Give the warning "Please reset your password to log in" when they try to log in.
• Or password shouldn't be generated at all.

In addition, a documentation update of "Create, edit, or remove a user" for this will be great as well.

Notes:

• This would not apply for Internal with LDAP Authentication or Delegated directory as JIRA will use the password from the External Directory instead.